Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:
>
> I was therefore surprised to find that BIND 9.14 refuses to load zone files
> with TXT records in the generic form, for example named-checkzone does
> not accept:
>
>     example.org. IN TXT \# 4 deadbeef
The long version of Mark's message is that a TXT record consists of an
overall RDLENGTH (which is the number after the \#) and then each string
in the RDATA is prefixed with its own length byte. So the wire format of

    TXT "\222\173\190\239"

is

    TYPE16 \# 5 04deadbeef

The multiple strings and nested lengths in TXT records are a curiously
gratuitous complication. When I was working out how a SHA-1 attack could
work with TXT records,
(https://www.dns.cam.ac.uk/news/2020-01-09-sha-mbles.html) one of the
problems was that the collision blocks in the best attack so far are 588
bytes, which is too big to fit into a single TXT string. So there will be
length bytes inside the collision blocks which can't easily be controlled
by the attacker. The solution is to append 255 zero bytes which is enough
to fill the tail end of any string specified by the last length byte in
the collision blocks, and any excess zero bytes get treated as a sequence
of empty strings.

Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
Dogger, Fisher, German Bight: West 7 to severe gale 9, decreasing 6 for a
time. Rough or very rough. Squally wintry showers. Good, occasionally poor.
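To make the wire-format point concrete, here is a small encoder/decoder for TXT RDATA written as an added example for this thread (it is not code from the thread, from BIND, or from the SHA-mbles write-up). It implements the RFC 1035 <character-string> layout described above (one length byte per string inside the overall RDLENGTH) and the RFC 3597 "\# <len> <hex>" generic form. All inputs are constructed; the function names are this example's own. It shows why `\# 4 deadbeef` is rejected (the first byte 0xde is read as a string length of 222, overrunning RDLENGTH 4), why `\# 5 04deadbeef` is the correct encoding of `"\222\173\190\239"`, and how trailing zero bytes decode as a run of empty strings.

```python
"""TXT RDATA wire format: RDLENGTH, then a sequence of <length byte><chars> strings.

Added example for the dnsop discussion; not code from BIND or the thread.
Inputs are constructed for illustration.
"""
import re


def encode_txt(strings):
    """Encode a list of byte strings as TXT RDATA: each string gets a one-byte length prefix."""
    out = bytearray()
    for s in strings:
        if len(s) > 255:
            raise ValueError("a TXT <character-string> holds at most 255 bytes")
        out.append(len(s))
        out += s
    return bytes(out)


def decode_txt(rdata):
    """Split TXT RDATA into its <character-string>s.

    Raises ValueError when a length byte claims more bytes than remain, which is
    exactly the check that makes '\\# 4 deadbeef' unloadable as a TXT record.
    """
    strings = []
    i = 0
    while i < len(rdata):
        n = rdata[i]
        i += 1
        if i + n > len(rdata):
            raise ValueError(
                f"string length {n} at offset {i - 1} overruns RDLENGTH {len(rdata)}")
        strings.append(rdata[i:i + n])
        i += n
    return strings


def generic_form(rdata):
    """Render raw RDATA in RFC 3597 generic form: \\# <RDLENGTH> <hex>."""
    return f"\\# {len(rdata)} {rdata.hex()}"


def parse_generic_form(text):
    """Parse '\\# <len> <hex>' (hex may be whitespace-separated) and verify the declared length."""
    m = re.fullmatch(r"\\#\s+(\d+)\s*([0-9a-fA-F\s]*)", text.strip())
    if not m:
        raise ValueError("not in RFC 3597 generic form")
    rdlength = int(m.group(1))
    data = bytes.fromhex("".join(m.group(2).split()))
    if len(data) != rdlength:
        raise ValueError(f"declared RDLENGTH {rdlength} but {len(data)} bytes of hex given")
    return data


def escape_string(s):
    """Present one <character-string> as a quoted master-file string, using \\DDD for
    bytes that are not printable ASCII (and for the quote and backslash themselves)."""
    out = []
    for b in s:
        if 0x20 <= b < 0x7F and b not in (ord('"'), ord("\\")):
            out.append(chr(b))
        else:
            out.append(f"\\{b:03d}")
    return '"' + "".join(out) + '"'


if __name__ == "__main__":
    raw = bytes([222, 173, 190, 239])            # \222\173\190\239 == de ad be ef
    rdata = encode_txt([raw])
    print(generic_form(rdata))                   # \# 5 04deadbeef
    print(escape_string(decode_txt(rdata)[0]))   # "\222\173\190\239"
    try:
        decode_txt(parse_generic_form("\\# 4 deadbeef"))
    except ValueError as e:
        print("rejected:", e)
```

Running the module prints the generic form of the record from the thread, re-escapes it as a master-file string, and shows the error a checker raises for `\# 4 deadbeef`. Feeding `decode_txt` a blob followed by 255 zero bytes illustrates the last paragraph above: whatever the final length byte inside the blob claims, at most 255 bytes are consumed by it, and every remaining zero byte parses as an empty string, so the record stays well-formed.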